Analyzing Packet Responses

Explore how to examine packet responses after sending SYN packets with Scapy to determine which ports are open or closed. Understand the roles of TCP flags and how to automate identifying open ports and detecting firewalled or closed ports. This lesson builds your skills in creating effective port scanners.

Examining packet responses

In the previous lesson, we looked at sending and receiving packets in Scapy but didn’t analyze the results. In this lesson, we’ll examine the return values from the sr function and use them to determine which ports are open or closed on the target system.

To start, let’s take another look at our SYN scanning code. Note that the TCP layer has an S flag set, indicating that it is a SYN packet, the first packet in the TCP handshake.

Python 3.8
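from scapy.all import IP, TCP, sr

ip = IP(dst='8.8.4.4')   # target host
ports = [53, 80, 443]   # a list of ports makes Scapy send one packet per port
tcp = TCP(sport=7777, dport=ports, flags="S")   # "S" sets the SYN flag
p = ip/tcp   # stack the TCP layer on top of the IP layer
res = sr(p, verbose=0, timeout=2)   # returns a tuple: (answered, unanswered)
print(res)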

If we run the code, we can see the results of sending the three packets to the target system: (<Results: TCP:2 UDP:0 ICMP:0 Other:0>, <Unanswered: TCP:1 UDP:0 ICMP:0 Other:0>). The return value is a tuple containing the set of results, which are the packets sent in response to our packets, and the set of unanswered packets. Each set is further broken down into TCP and UDP packets as well as ICMP packets (which are ...
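The following is an added example, not code from the original lesson: it turns the (answered, unanswered) tuple returned by sr into a per-port verdict based on the reply's TCP flags. The function names classify, records_from_scapy and summarize are hypothetical, the sample data is constructed, and treating any ICMP reply or a missing reply as "filtered" is a simplifying assumption.

```python
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits

def classify(proto, tcp_flags=0):
    """Map the reply to one SYN probe onto a port state (proto None = no reply)."""
    if proto == "tcp" and tcp_flags & (SYN | ACK) == (SYN | ACK):
        return "open"        # SYN/ACK: the second step of the handshake
    if proto == "tcp" and tcp_flags & RST:
        return "closed"      # RST: host reachable, nothing listening
    if proto in (None, "icmp"):
        return "filtered"    # assumption: silence or an ICMP error means a firewall
    return "unknown"

def records_from_scapy(ans, unans):
    """Flatten sr()'s (answered, unanswered) tuple into plain records."""
    from scapy.all import ICMP, TCP   # lazy import: only needed for live results
    replies = []
    for sent, rcvd in ans:            # each entry pairs a probe with its reply
        if rcvd.haslayer(ICMP):
            replies.append((sent[TCP].dport, "icmp", 0))
        elif rcvd.haslayer(TCP):
            replies.append((sent[TCP].dport, "tcp", int(rcvd[TCP].flags)))
        else:
            replies.append((sent[TCP].dport, "other", 0))
    return replies, [probe[TCP].dport for probe in unans]

def summarize(replies, unanswered_ports):
    """Group destination ports by the state their reply implies."""
    states = defaultdict(list)
    for port, proto, flags in replies:
        states[classify(proto, flags)].append(port)
    for port in unanswered_ports:
        states[classify(None)].append(port)
    return {state: sorted(ports) for state, ports in states.items()}

# Constructed sample (not the lesson's real scan output): port 53 answers
# SYN/ACK, port 80 answers RST/ACK, port 443 never answers.
SAMPLE_REPLIES = [(53, "tcp", SYN | ACK), (80, "tcp", RST | ACK)]
SAMPLE_UNANSWERED = [443]

if __name__ == "__main__":
    print(summarize(SAMPLE_REPLIES, SAMPLE_UNANSWERED))
```

With live results, summarize(*records_from_scapy(*res)) produces the same dictionary from the res tuple in the scanning code above.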